Main Vulnerability Database Vulnerabilities #VU53596

Improper Authentication in vCenter Server and Cloud Foundation - CVE-2021-21986

Published: May 26, 2021

Vulnerability identifier: #VU53596

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2021-21986

CWE-ID: CWE-287

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: VMware, Inc

Affected software:
vCenter Server
Cloud Foundation

Detailed vulnerability description

The vulnerability allows a remote attacker to bypass authentication process.

The vulnerability exists due to an error in when processing authentication requests to the Virtual SAN Health Check, Site Recovery, vSphere Lifecycle Manager, and VMware Cloud Director Availability plug-ins. A remote non-authenticated attacker can bypass authentication process and gain unauthorized access to the application.

How to mitigate CVE-2021-21986

Install updates from vendor's website.

Sources

https://www.vmware.com/security/advisories/VMSA-2021-0010.html

Improper Authentication in vCenter Server and Cloud Foundation - CVE-2021-21986

Detailed vulnerability description

How to mitigate CVE-2021-21986

Sources

Please verify you're human